Frequently Asked Questions

The StratusPhere is a technical blog by me, David Liddle CCSP, a Cloud Security Solution Architect. It is focused on providing honest, practical guidance for small and medium businesses navigating cloud migration, cybersecurity, and digital transformation. We cut through vendor marketing and provide real-world advice based on actual implementation experience.

All content is written by me, David Liddle CCSP, a cloud security professional. I’m a hands-on practitioner who implements the solutions I write about, not just a consultant who recommends things I’ve never built.

I’ll endeavour to publish new content weekly, but the focus is on quality over quantity. I’d rather write one thoroughly researched, genuinely useful post than churn out daily content that doesn’t help anyone.

You can subscribe via the newsletter signup form in the footer of any page. I’ll send you an email when new posts are published, typically once per week. No spam, no daily emails, just the good stuff.

Migrate when you have a clear business reason; rapid growth requiring scalability, geographic expansion, aging infrastructure nearing refresh, or variable workloads where cloud economics make sense. Don’t migrate just because ’everyone else is doing it.’ If your current setup works well and your needs are predictable, staying on-premises might be cheaper.

No. For predictable, always-on workloads running 24/7, on-premises is often cheaper over 3-5 years. Cloud costs more per unit of compute, but eliminates upfront investment and provides flexibility. Cloud wins when you need variable capacity, rapid scaling, or want to avoid capital expenditure. Use our Cloud Readiness Assessment to evaluate your specific situation.

It depends on complexity: simple lift-and-shift migrations might take 3-6 months, while re-architecting applications can take 12-18 months or more. Don’t rush it. A phased approach (migrate non-critical systems first, learn, then tackle core systems) usually works better than ‘big bang’ migrations.

AWS has the most features and maturity. Azure integrates well if you’re Microsoft-heavy. Google Cloud excels at data analytics and Kubernetes. For SMEs, the differences matter less than you’d think - all three are solid. Pick your provider based on; existing skills, specific services you need, regional availability, and cost for your workload. Don’t overthink it.

Yes, hybrid often makes the most sense. Keep stable, business-critical systems on-premises where you have control and lower costs. Use cloud for variable workloads, disaster recovery, dev/test environments, and geographic expansion. You’re not locked into all-or-nothing.

Cloud can be very secure, but security is a shared responsibility. Providers (AWS, Azure, GCP) secure the infrastructure, but you’re responsible for securing your data, applications, and configurations. A misconfigured S3 bucket is your problem, not Amazon’s. Cloud provides excellent security tools - you just need to use them correctly.

All major cloud providers offer region-specific data centers (UK, EU, etc.) and GDPR-compliant services. You can restrict where data is stored and processed. However, you need to configure this correctly and understand the shared responsibility model. For highly sensitive data with strict residency requirements, sovereign cloud or on-premises might be simpler.

By default, only you and users you authorize. Cloud providers can’t access your data except in specific circumstances (legal requirements, support requests you initiate). Your data is encrypted and isolated. The bigger risk is your own team misconfiguring access controls or using weak passwords.

Cloud makes DR much more affordable. You can replicate data to multiple regions, automate backups, and test recovery without maintaining duplicate infrastructure. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) that would cost £100K+ on-premises are achievable for a fraction of the cost in cloud.

You pay for what you use: compute (CPU/RAM hours), storage (GB/month), network bandwidth (data transfer), and additional services. Pricing is complex with hundreds of options. Key gotchas: data egress (moving data out) can be expensive, idle resources still cost money, and costs can spiral without monitoring. Always set up billing alerts.

Set up billing alerts immediately. Tag all resources to track spending by project. Right-size instances (don’t over-provision). Turn off dev/test environments when not in use. Use reserved instances or savings plans for predictable workloads. Review costs monthly and kill zombie resources. Budget 20-30% above estimates for the first year while you learn.

Include: compute, storage, bandwidth, licenses, management tools, training, and staff time. Many orgs underestimate bandwidth costs and management complexity. Run numbers for 3-5 years, not just year one. For steady workloads, on-premises might be 20-30% cheaper. For variable workloads, cloud can be 40-50% cheaper. It’s workload-dependent.

Yes. I can help SMEs with cloud strategy, migration planning, security assessments, and implementation. I’m a practitioner first, I build the solutions I recommend. If you need help beyond blog advice, contact me for a no-obligation chat.

I’m UK-based and primarily serve clients in the UK and Europe. For cloud-focused work, I can work with clients globally as much of my work is remote. Contact me to discuss your specific needs.

Use the contact form or connect via LinkedIn (link in footer). I typically respond within 1-2 business days. For general questions, check if I’ve already answered them here in the FAQs first!

I may incorporate affiliate marketing in the future for products and services I genuinely recommend and ampassionate about. When I do, I’ll clearly disclose it. I’ll never recommend something solely because it pays a commission. My reputation matters more than affiliate revenue.

IaaS (Infrastructure as a Service): You manage the OS up - provider manages hardware. Like renting a server. PaaS (Platform as a Service): You manage only your application - provider manages OS, middleware, runtime. Like Heroku. SaaS (Software as a Service): You just use the software - provider manages everything. Like Gmail. More control = more responsibility.

Probably not. Kubernetes is powerful but complex. If you’re running a few applications and don’t need to orchestrate hundreds of containers, you don’t need it. Start simpler: VM-based or managed PaaS solutions. Kubernetes makes sense when you have dozens of microservices, need advanced orchestration, or have dedicated DevOps staff. Don’t use it just because it’s trendy.

Serverless (like AWS Lambda) is great for: event-driven workloads, variable traffic patterns, or tasks that don’t run constantly. You pay only when code runs. Downsides: vendor lock-in, cold start latency, complexity debugging. For steady-state applications running 24/7, traditional compute might be cheaper and simpler.

Usually yes, but it depends. Simple ’lift and shift’ (move as-is) works for many apps but doesn’t take advantage cloud benefits. Some legacy apps with specific hardware dependencies or licensing restrictions can’t move easily. Assess each application individually. Sometimes the best answer is: leave it on-premises until you’re ready to replace it.